OpenVPN DNS trouble

[hcso-tm]

Hi,
we do have a problem with DNS-Resolution through the tunnel.

The behavior is very strange. We do have the internal Domain mc.local and the Domain mycompany.com

Code: [Select]

nslookup testserver.mc.local
nslookup testwebsite.mycompany.comboth results in NX-Domain resolved by the dns server where the client resides.

Code: [Select]

nslookup testserver.mc.local 172.16.0.10 #DNS Server at Site, not opnSense
nslookup testwebsite.mycompany.com 172.16.0.10 Both resolves the servers.

The real strange part is:

Code: [Select]

ping testserver.mc.local does work,

Code: [Select]

ping testwebsite.mycompany.comdoes NOT. It does work however, when we add the name resolution in the hosts file.

Our Server Settings are:

Code: [Select]

DNS Default Domain: mc.local
DNS Domain search list: mycompany.com
DNS Servers 172.16.0.10
Force DNS cache update: tested, no difference
Prevent DNS leaks: tested, no difference
redirect gateway: false (when true, it does work)
IPv4 Local Network: 172.16.0.0/16


It behaves the same on all 4 possible connections:

Client:
Windows 10 OpenVPN Connect 3.3.7 (latest Version)
Windows 11 OpenVPN Connect 3.3.7 (latest Version)

Server:
OPNsense 23.1.11-amd64 (OpenVPN 2.6.5)
OPNsense 22.1.6-amd64 (OpenVPN 2.5.6)

We didn´t change the server Config for over one year and nobody complained, so we are pretty sure, it did work up until a few weeks ago.
Since last week, we got three reports, about this issue.

What really puzzles me, is the fact that OpenVPN-Connect had its last update in February and it happens on the old and new OpnSense Version.
The only thing, I can think of, are Windows-Update, that broke something on Win10 and 11...
Or nobody wanted to use those "internal-Only" websites for half a year and last week 3 guys (from 2 different customers, so they are totally independent!) wanted to use it again.

Does anybody have the same issue and/or a solution?

Thanks in advance
Jochen